Original from rekt

The dark art of DeFi is still the most profitable.

Below is one of the most dramatic stories we have encountered so far.

A story of false magic, confusion and allegations, which led to the biggest DeFi hack to date.

Approximately $37.5 million was stolen in a complex DeFi deception. The attack used multiple transactions to raid Alpha Finance's vaults and left many believing that Cream's Iron Bank had been exploited.

The murder took place in a hall of mirrors. The increasingly intertwined nature of DeFi protocols and the complexity of the attack left the community confused about who the real victims were and who should be responsible for compensation.

The attacker's contract tricked the Homora code into treating a malicious contract as one of its own, with the goal of manipulating the internal debt figures of the system.

This was a private battle between protocol and attacker. The exploited contract had not been announced or made available to users, which means users were not directly affected. We have never seen such a clear-cut case of an inside job, and Alpha Finance were quick to point out that they have found a "primary suspect".

If the contract is not ready yet, why deploy on the mainnet?

In the chaos, big players moved quickly to protect their capital. SBF withdrew $400 million worth of FTT from Cream Finance, and Three Arrows Capital sent more than $3 million worth of ALPHA tokens to Binance, presumably to sell them.

The value of every token connected to this attack declined.

1. Alpha Homora's governance token ALPHA fell from $2.25 to $1.78.

2. Iron Bank's governance token CREAM fell from $288.32 to $193.51.

3. AAVE, the governance token of Aave, which provided the flash loans used in this attack, fell from $518 on the day to a low of $492.

However, token prices are not the most interesting aspect of this story.

The Alpha Finance team released an excellent post-mortem, and their findings are surprising. The results of our joint investigation show that the level of corruption is much worse than expected.

It remains to be seen whether Alpha Finance will make their accusation public, but their initial statement about a primary suspect indicates that fallout is coming.

From the official post-mortem, the attacker needed to know the following in order to carry out the attack:

1. HomoraBankV2 had deployed an sUSD pool for an upcoming release, which was neither available in the UI nor publicly announced.

2. The sUSD lending pool had no liquidity, so the attacker could fully control and inflate the pool's total debt and total debt share.

3. The borrow function's share calculation rounds borrow shares down, which only becomes exploitable when the attacker is the sole borrower.

4. The resolveReserve function can increase totalDebt without increasing totalDebtShare, and anyone can call it, since it is the function used to collect interest income into the reserve.

5. HomoraBankV2 accepts any custom spell as long as the collateral > borrow invariant check passes (a spell is the equivalent of a strategy in Yearn).

Under the gaze of so many users, the robbers left clear tracks. In a rare counterattack, the victim has singled out the attacker.

The above requirements show that inside knowledge was needed to carry out this attack. However, given the number of protocols and audit firms involved, there is more than one candidate for the insider.

rekt is no longer in the business of making accusations, but we look forward to seeing how Alpha Finance handles this situation.

Alpha Finance's statement reads as follows:

1. The attacker created an evil spell (the equivalent of a Yearn strategy): https://etherscan.io/tx/0x2b419173c1f116e94e43afed15a46e3b3a109e118aba166fcca0ba583f686d23

2. The attacker swapped ETH for UNI and supplied ETH + UNI to the Uniswap pool (obtaining ETH/UNI LP tokens). In the same transaction, swapped ETH -> sUSD on Uniswap and deposited the sUSD into Cream's Iron Bank (receiving cysUSD): https://etherscan.io/tx/0x4441eefe434fbef9d9b3acb169e35eb7b3958763b74c5617b39034decd4dd3ad

3. Used the evil spell to call execute on HomoraBankV2, which: borrowed 1000e18 sUSD, deposited the UNI-WETH LP into WERC20 and put it up as collateral in the process (bypassing the collateral > borrow check). The attacker now owns 1000e18 sUSD debt share (as the first borrower): https://etherscan.io/tx/0xcc57ac77dc3953de7832162ea4cd925970e064ead3f6861ee40076aca8e7e571

4. Used the evil spell again to call execute on HomoraBankV2, which: repaid 100000098548938710983 sUSD (the actual accrued debt was 100000098548938710984 sUSD), so that the repaid share is 1 less than the total share. As a result, the attacker now has 1 minisUSD of debt and 1 debt share: https://etherscan.io/tx/0xf31ee9d9e83db3592601b854fe4f8b872cecd0ea2a3247c475eea8062a20dd41

5. Invoked resolveReserve on the sUSD bank, adding 19709787742196 of debt while totalShare stays at 1. Current state: totalDebt = 19709787742197 and totalShare = 1: https://etherscan.io/tx/0x98f623af655f1e27e1c04ffe0bc8c9bbdb35d39999913bedfe712d4058c67c0e

6. Used the evil spell again to call execute on HomoraBankV2, which (repeated 16 times, doubling the borrowed amount each time): borrowed 19,709,787,742,196 sUSD and transferred it to the attacker (doubling each time, because totalDebt doubles each time a borrow succeeds). Each borrow is 1 less than the totalDebt value, so the corresponding borrowed share = 0, and the protocol treats it as a debt-free borrow. At the end of the transaction, the attacker deposited 19.54 sUSD into Cream's Iron Bank: https://etherscan.io/tx/0x2e387620bb31c067efc878346742637d650843210596e770d4e2d601de5409e3

7. Continued the process: used the evil spell again to call execute on HomoraBankV2 (repeated 10 times, doubling the borrowed amount each time). At the end of the transaction, the attacker deposited 1321 sUSD into Cream's Iron Bank: https://etherscan.io/tx/0x64de824a7aa339ff41b1487194ca634a9ce35a32c65f4e78eb3893cc183532a4

8. Borrowed 1,800,000 USDC via an Aave flash loan, swapped the 1,800,000 USDC into 1770757.5625447219047906 sUSD and deposited it into Cream so that the attacker had enough liquidity to borrow with the custom spell, then continued doubling the sUSD borrows from 1,322.70 sUSD to 677223.15 sUSD (10 times in total). Swapped 1353123.59 sUSD into 1374960.72 USDC and borrowed 426659.27 USDC from Cream (possible because the attacker had deposited sUSD in step b): https://etherscan.io/tx/0x7eb2436eedd39c8865fcc1e51ae4a245e89765f4c64a3200c623f676b3912f9

9. Repeated step 8, this time with about 10 million USDC: https://etherscan.io/tx/0xd7a91172c3fd09acb75a9447189e1178ae70517698f249b84062681f43f0e26e

10. Repeated again with 10 million USDC: https://etherscan.io/tx/0xacec6ddb7db4baa66c0fb6289c25a833d93d2d9eb4fbe9a8d8495e5bfa24ba57

11. Borrowed 13244.63 WETH + 3.6 million USDC + 5.6 million USDT + 4.26 million DAI, supplied the stablecoins to Aave (to obtain aTokens, so the USDC and USDT cannot be frozen), and supplied the aDAI, aUSDT and aUSDC to the Curve a3Crv pool: https://etherscan.io/tx/0x745ddedf268f60ea4a038991d46b33b7a1d4e5a9ff2767cdba2d3af69f43eb1b

12. Added the a3Crv LP tokens to Curve's liquidity gauge: https://etherscan.io/tx/0xc60bc6ab561af2a19ebc9e57b44b21774e489bb07f75cb367d69841b372fe896

13. The remaining transactions sent funds to Tornado Cash and Gitcoin Grants, including 1,000 ETH sent to the deployer addresses of Cream and Alpha.
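The share arithmetic behind prerequisites 2 to 4 and steps 3 to 6 can be reproduced with plain integer math, which is the quickest way to see why a borrow of totalDebt - 1 mints zero shares. The Python model below is an added example written for this page; it is not Alpha Finance's code and not the HomoraBankV2 source. It assumes a single-token bank with the rounding the post-mortem describes (borrow shares rounded down, a position's debt rounded up, partial repays burning rounded-down shares), a 20% reserve fee on accrued interest (an assumption, though it reproduces the 19709787742196 figure of step 5), and an accrued-interest value of 98548938710984 taken from the trailing digits of the step-4 debt figure. The position ids, the `round_borrow_shares_up` switch, `BankModel` and `run_exploit` are ours. The hardened variant rounds borrow shares up so that any non-zero borrow mints at least one share; that is the generic mitigation for this class of bug, not necessarily Alpha's exact patch.

```python
"""Integer model of HomoraBankV2-style debt-share accounting (added example, not Alpha's code).

Amounts are in the token's smallest unit (1e18 per sUSD), mirroring Solidity uint256 math.
Assumptions: one bank for one token, a 20% reserve fee on accrued interest, positions
identified by small integers, and no collateral check (the evil spell already bypassed it).
"""

WAD = 10**18
FEE_BPS = 2000  # assumed: 20% of accrued interest is parked in the bank's reserve


def div_ceil(a: int, b: int) -> int:
    """Ceiling division on non-negative integers, like Homora's divCeil."""
    return -(-a // b)


class BankModel:
    def __init__(self, round_borrow_shares_up: bool = False):
        self.round_up = round_borrow_shares_up  # False = vulnerable floor, True = hardened
        self.total_debt = 0
        self.total_share = 0
        self.reserve = 0
        self.share_of = {}  # position id -> debt share

    def debt_of(self, pos: int) -> int:
        # A position's debt is its pro-rata slice of totalDebt, rounded up
        share = self.share_of.get(pos, 0)
        return 0 if self.total_share == 0 else div_ceil(share * self.total_debt, self.total_share)

    def borrow(self, pos: int, amount: int) -> int:
        if self.total_share == 0:
            share = amount  # first borrower: shares equal the amount
        elif self.round_up:
            share = div_ceil(amount * self.total_share, self.total_debt)
        else:
            # vulnerable: floors to 0 whenever amount * totalShare < totalDebt
            share = amount * self.total_share // self.total_debt
        self.total_share += share
        self.total_debt += amount
        self.share_of[pos] = self.share_of.get(pos, 0) + share
        return share

    def repay(self, pos: int, amount: int) -> int:
        old_share = self.share_of.get(pos, 0)
        old_debt = self.debt_of(pos)
        if amount > old_debt:
            raise ValueError("paid exceeds debt")
        # a partial repay burns floor(amount * totalShare / totalDebt) shares
        less_share = old_share if amount == old_debt else amount * self.total_share // self.total_debt
        self.share_of[pos] = old_share - less_share
        self.total_share -= less_share
        self.total_debt -= amount
        return less_share

    def accrue(self, interest: int) -> None:
        # interest raises everyone's debt pro rata; the fee cut waits in the reserve
        self.total_debt += interest
        self.reserve += interest * FEE_BPS // 10000

    def resolve_reserve(self) -> None:
        # the reserve is added to totalDebt with NO new shares minted (prerequisite 4)
        self.total_debt += self.reserve
        self.reserve = 0


def run_exploit(rounds: int = 16, hardened: bool = False) -> dict:
    """Replays steps 3 to 6 against the model and reports what the bank records."""
    bank = BankModel(round_borrow_shares_up=hardened)
    bank.borrow(1, 1000 * WAD)                 # step 3: sole borrower, 1000 sUSD
    bank.accrue(98548938710984)                # constructed interest (digits from step 4)
    bank.repay(1, bank.debt_of(1) - 1)         # step 4: leave 1 wei of debt and 1 share
    after_repay = (bank.total_debt, bank.total_share)
    bank.resolve_reserve()                     # step 5: reserve fee becomes shareless debt
    after_reserve = (bank.total_debt, bank.total_share)
    borrowed = recorded = 0
    for i in range(rounds):                    # step 6: borrow totalDebt - 1 from fresh positions
        pos = 100 + i
        amount = bank.total_debt - 1
        bank.borrow(pos, amount)
        borrowed += amount
        recorded += bank.debt_of(pos)          # what the bank thinks this position owes
    return {
        "after_repay": after_repay,
        "after_reserve": after_reserve,
        "borrowed": borrowed,
        "recorded_debt": recorded,
        "total_debt": bank.total_debt,
        "total_share": bank.total_share,
    }


if __name__ == "__main__":
    for hardened in (False, True):
        print("hardened" if hardened else "vulnerable", run_exploit(hardened=hardened))
```

Run as written, the vulnerable model reaches exactly the state of step 5 (totalDebt = 19709787742197, totalShare = 1) and then hands out sixteen doubling borrows whose recorded debt is zero, while the same sequence against the round-up variant charges every fresh position at least what it borrowed, which is what a collateral check needs in order to reject the borrow.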

This story is unique and suspicious.

When it comes to white-hat/black-hat activity, we always expect to see roles shift, but we rarely see a victim accuse someone so clearly.

Andre Cronje, who facilitated the collaboration between Yearn and Alpha Homora a few weeks ago, wrote of the attack:

"Take some time to study this attack: 9 transactions, 4 different manipulations, one of which involved precise debt calculations. It took the research team several hours to figure it out. Alpha immediately took measures to mitigate the vulnerability. The problem was resolved within minutes of discovery."

Banteg replied:

"This incident is absolutely crazy. There is no way anyone casually looking at the contracts, especially unannounced ones, could have discovered this."

Maybe this will lead to another Yearn acquisition. Cronje's name is mentioned 4 times in the post-mortem, and the pattern does seem familiar...

How long can the era of anonymous hackers last?

Since the list of possible suspects is very small, it is easier to eliminate and track potential attackers. In this case, the list is even smaller than usual.

When dealing with code, "Don't trust, verify" is an excellent slogan, but it does not stop the growing social paranoia. We are going through a period of unprecedented growth in crypto and DeFi, in which the cost of standing still is high. The mental burden on DeFi developers grows by the day.

Empires are built on lines of code, and the future of finance is before our eyes.

Developers are locked in a race, while corrupt insiders help hackers work underground and dig holes in their foundations.

When one tower collapses, the others watch and learn. Before the dust settles, the crowd has already moved on, and the hardened teams return to the arena stronger.

How long can they last before the inevitable mistake causes their cloak of anonymity to fall?